SMTP Service STARTTLS Plaintext Command Injection
Medium Nessus Plugin ID 52611
Synopsis
The remote mail service allows plaintext command injection while negotiating an encrypted communications channel.
Description
The remote SMTP service contains a software flaw in its STARTTLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase.
Successful exploitation could allow an attacker to steal a victim's email or associated SASL (Simple Authentication and Security Layer) credentials.
Solution
Contact the vendor to see if an update is available.
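
The behaviour in the description, modelled in memory as an added example (not Nessus plugin code or any vendor's implementation), assuming the flaw arises from a receive buffer that is kept across the STARTTLS upgrade. The class, function and sample commands are hypothetical and constructed for illustration; the hardened variant discards whatever is queued behind STARTTLS.

```python
class SmtpSession:
    """In-memory model of a server's command buffer; no sockets, no real TLS."""

    def __init__(self, discard_on_starttls):
        self.discard_on_starttls = discard_on_starttls
        self.buffer = b""        # received bytes not yet parsed into commands
        self.tls_active = False
        self.executed = []       # (phase, command) for each command acted on

    def feed(self, data):
        """Append received bytes and execute every complete command line."""
        self.buffer += data
        while b"\r\n" in self.buffer:
            line, self.buffer = self.buffer.split(b"\r\n", 1)
            phase = "tls" if self.tls_active else "plaintext"
            self.executed.append((phase, line.decode("ascii")))
            if line.upper() == b"STARTTLS" and not self.tls_active:
                if self.discard_on_starttls:
                    self.buffer = b""   # hardened: drop bytes queued behind STARTTLS
                self.tls_active = True  # handshake modelled as instantaneous


def commands_treated_as_tls(discard_on_starttls):
    """Return the commands the modelled server handled as part of the TLS phase."""
    # Constructed input: one cleartext segment with a marker command queued
    # behind STARTTLS, then what the client really sends inside TLS.
    cleartext = b"EHLO client.example\r\nSTARTTLS\r\nNOOP queued-in-cleartext\r\n"
    inside_tls = b"EHLO client.example\r\n"
    session = SmtpSession(discard_on_starttls)
    session.feed(cleartext)
    session.feed(inside_tls)
    return [cmd for phase, cmd in session.executed if phase == "tls"]


if __name__ == "__main__":
    print("flawed:  ", commands_treated_as_tls(False))
    print("hardened:", commands_treated_as_tls(True))
```

In the flawed model the marker command that arrived in cleartext is handled as if it had come through the encrypted channel; in the hardened model only the command sent inside TLS is.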